GGShield should validate inputs before passing them to Python Requests #101

@Sayrus

GitGuardian Shield Version

  • I can reproduce this bug in the latest version

Command executed

  • ggshield scan pre-commit
  • ggshield quota
  • Any ggshield command that uses Python Requests

Describe the bug

GGShield uses environment variables but does not validate that the charset used can translate to latin-1 before trying to send a request.
This leads to the following opaque error:

UnicodeEncodeError: 'latin-1' codec can't encode characters in position 6-12: ordinal not in range(256)

For instance, using (Note that these are not ASCII dashes but U+2013 which cannot be encoded using .encode('latin-1')):

GITGUARDIAN_API_KEY=–––––––FILL-ME–––––––––

You get an encoding error.

Expected behavior

When using forbidden characters, a clear error should be provided to the end user. In the example above, this could be:

  • Invalid API Key (to match the response that would have been returned by the server)
  • GITGUARDIAN_API_KEY must only contain characters that can be encoded in latin-1
  • ...

Screenshots

N/A

Traceback (if available)

Traceback (most recent call last):
  File "/home/mraguin/.local/bin/ggshield", line 8, in <module>
    sys.exit(cli_wrapper())
  File "/home/mraguin/.local/lib/python3.8/site-packages/ggshield/cmd.py", line 165, in cli_wrapper
    return_code = cli.main(standalone_mode=standalone_mode)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/home/mraguin/.local/lib/python3.8/site-packages/ggshield/quota.py", line 18, in quota
    response: Union[Detail, QuotaResponse] = client.quota_overview()
  File "/home/mraguin/.local/lib/python3.8/site-packages/pygitguardian/client.py", line 307, in quota_overview
    resp = self.get(
  File "/home/mraguin/.local/lib/python3.8/site-packages/pygitguardian/client.py", line 177, in get
    return self.request(
  File "/home/mraguin/.local/lib/python3.8/site-packages/pygitguardian/client.py", line 129, in request
    response: Response = self.session.request(
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python3.8/http/client.py", line 1252, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.8/http/client.py", line 1293, in _send_request
    self.putheader(hdr, value)
  File "/usr/lib/python3.8/http/client.py", line 1225, in putheader
    values[i] = one_value.encode('latin-1')

Labels: status:confirmed (This issue has been reviewed and confirmed), type:bug (Something isn't working)
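
One way to perform the check this issue asks for, as an added example that is not ggshield's or py-gitguardian's own code: validate the variable before any request is built, and report only the offending code points so the error is readable and the key itself never reaches logs. `InvalidCredentialError`, `validate_header_value` and `load_api_key` are hypothetical names, and the sample key is constructed from the issue's example.

```python
import os


class InvalidCredentialError(ValueError):
    """Raised when a credential cannot be sent as an HTTP header value."""


def validate_header_value(name: str, value: str) -> str:
    """Return value unchanged if http.client can encode it as latin-1.

    On failure, raise an error that names the variable and the offending
    code points, never the secret itself.
    """
    # latin-1 covers exactly code points 0..255.
    bad = [(i, ch) for i, ch in enumerate(value) if ord(ch) > 0xFF]
    if bad:
        # Show position and code point only; the rest of the key stays out of logs.
        shown = ", ".join(f"U+{ord(ch):04X} at index {i}" for i, ch in bad[:3])
        more = f" (+{len(bad) - 3} more)" if len(bad) > 3 else ""
        raise InvalidCredentialError(
            f"{name} must only contain characters that can be encoded in "
            f"latin-1; found {shown}{more}"
        )
    return value


def load_api_key(environ=os.environ) -> str:
    """Read GITGUARDIAN_API_KEY and validate it before a request is built."""
    name = "GITGUARDIAN_API_KEY"
    value = environ.get(name)
    if not value:
        raise InvalidCredentialError(f"{name} is not set")
    return validate_header_value(name, value)


if __name__ == "__main__":
    # Constructed sample: the issue's placeholder key, with U+2013 en dashes.
    sample = {"GITGUARDIAN_API_KEY": "\u2013" * 7 + "FILL-ME" + "\u2013" * 9}
    try:
        load_api_key(sample)
    except InvalidCredentialError as exc:
        print(f"Error: {exc}")
```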
